Bug#905232: stretch-pu: package brltty/5.4-7+deb9u1
Control: tags -1 + moreinfo d-i
On Wed, 2018-08-01 at 19:09 +0200, Samuel Thibault wrote:
> The story is that the policykit-1 package was patched in unstable
> with 0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch
> to fix a CVE, and we have noticed that it completely breaks polkit
> authentication in brlapi, which means that braille does not work in
> graphical sessions, reported as bug #905058. This is actually due to
> a misuse of the polkit API in brltty, which only got to pose problem
> with the addition of that policykit patch. A brltty fix has been
> uploaded to unstable so the issue is fixed there. policykit
> maintainers however plan to upload their patch to stretch, so we need
> to upload the brltty fix in stretch too.
Thanks for fixing this. As brltty produces a udeb, this needs a KiBi-
ack; tagged and CCing accordingly.
Regards,
Adam
Reply to: